National Cyber Security Centre chief 'should be paid up to €290k'
The director of the National Cyber Security Centre should be paid up to €290,000 annually, the Oireachtas Committee on Transport and Communications has heard. The current salary for this role is €89,000.
The director of the National Cyber Security Centre should be paid up to €290,000 annually, the Oireachtas Committee on Transport and Communications has heard.
The current salary for this role is €89,000, but cybersecurity recruitment expert Bláthnaid Carolan said this is not enough to compete with private-sector salaries.
Concerns were raised by committee members that Ireland does not have enough indigenous talent to address cybercrime.
Ms Carolan, HR director of Fiserve, said the conditions for senior roles on offer should be improved.
She recommended a salary of between €220,000 and €290,000 with a benefits package of €150,000-€200,000.
Pat Larkin, head of Ward Solutions, told the committee the current budget for the NCSC should be boosted from €5m annually to €50m.
Mr Larkin’s company is assisting some branches of the HSE in repairing the damage from the cyberattack.
He said his budget assessment is based on a per capita sum following the UK budget of £2.9bn over a number of years.
He said: “That is 10 times what we spend at the moment.”
But responding to queries from the committee chair, Limerick TD Kieran O’ Donnell, he said moving control of the NCSC to the Department of Justice or Defence is not necessarily required. The centre is currently located within the Department of the Environment, Transport and Communications.
The crucial change needed, he said, is to remove “the silos” which block information and learning from flowing between departments but also between private and public sectors.
Fianna Fáil TD for Clare Cathal Crowe said he was concerned to hear from the experts that cybercrime is overtaking the illegal drugs trade in terms of volume and finances.
He said as a former primary school teacher he is aware schools often still rely on outdated software and that schools running Windows 95 is not unusual.
Responding to his concerns, Mr Larkin said “relentless risk assessment” is needed across all sectors. He cited a cyberattack on a power generator in Ukraine in 2015 as an example of what can go wrong if this is not done.
Mr Larkin described any national healthcare IT system as “a large attack surface area” due to the high number of users and locations.
Addressing the committee from Boston, Padraic O’Reilly, co-founder of Cybersaint, said the FBI is setting up a tasfkorce to focus on fighting ransomware.
He said estimates show ransomware attacks increased by 311% last year, and that $350m in disclosed ransoms were paid.
Speakers from Cyber Ireland called for better investment in education and training.
Dr Eoin Byrne, cluster manager, said 14 new courses in higher education were funded last year but more is needed. He said the Munster Technological University is leading out on a programme to boost this type of education.
